PSIM Copyright (C) 1994-1995, Andrew Cagney <cagney@highland.com.au> This directory contains the program PSIM that models the PowerPC(tm - IBM) architecture. It can either be run stand alone (psim or run) or used as part of GDB. KNOWN FEATURES SMP: A Symetric Multi-Processor configuration is suported. This includes modeling of the PowerPC load word and reserve instructions (if intending to use this feature you are well advised to read the the source code for the reservation instructions so that you are aware of any potential limitations in the model). The number of processors is selected during startup. DUAL-ENDIAN: Both little and big endian models are suported. The execution of instruction sequences that switch between the two modes, however, is not. The endianess is selected during startup. UIEA, VEA and OEA: The PowerPC architecture defines three levels of the PowerPC architecture. This simulator, to a reasonable degree, is capable of modeling all three. That is the User Instruction Set Architecture, the Virtual Environment Architecture and finally the Operating Environment Architecture. The environment is selected during startup. The OEA model is still under development. HARDWARE DEVICE TREE: In the OEA, the model of the target machines hardware is built from a tree of devices (bit like Open Boot). Included in this is the ability to model bus hierachies and runtime-configurable devices (eg PCI). The device tree used to create the hardware model is created during startup. This device tree is still under development. VEA SYSTEM CALLS: In user mode, basic system calls (read, write, open, close ...) are emulated. Under NetBSD (simply because that is what my machine at home runs) the list is more extensive. PEDANTIC VEA MEMORY MODEL: This model implements the break (brk, sbrk) system calls. Further, the user model has very strict memory access controls. User programs can not assume that they can stray off the end of valid memory areas. This model defines valid memory addresses in strict accordance to the executable and does not page allign their values. At first this was a bug but since then has turned up several problems in user code so it is now described as a feature. PROFILING: The simulation is able to count the number and type of instructions issued and the number of loads and stores. This feature is still under development. PERFORMANCE: In its default configuration PSIM is constructed so that it will compile fast and run slow. Through the enabling of more agressive compile options (and the disabling of unwanted features) the build can be changed to compile slow and run fast. FLOATING POINT: Preliminary suport for floating point is included. Real kernels don't need floating point. BUILDING PSIM: To build PSIM you will need the following: gdb-4.15.tar.gz From your favorite GNU ftp site ftp://ftp.ci.com.au/pub/clayton/gdb-4.15+psim-951016.diff.gz This contains a few minor patches to gdb-4.15 so that will include psim when it is built. ftp://ftp.ci.com.au/pub/clayton/gdb-4.15+psim-951016.tar.gz This contains the psim files propper. ftp://ftp.ci.com.au/pub/clayton/psim-test-951016.tar.gz (Optional) A scattering of pre-compiled programs that run under the simulator. gcc Again available from your favorite GNU ftp site. patch Sun's patch behaves a little wierd and doesn't appear to like creating empty files. In the directory ftp.ci.com.au:pub/clayton you will also notice files named psim-NNNNNN.tar.gz. Those, more recent snapshots, may or may not work with gdb. 0. A starting point $ ls -1 gdb-4.15+psim-951016.diff.gz gdb-4.15+psim-951016.tar.gz gdb-4.15.tar.gz psim-test-951016.tar.gz 1. Unpack gdb $ gunzip < gdb-4.15.tar.gz | tar xf - 2. Change to the gdb directory, apply the psim patches and unpack the psim files. $ cd gdb-4.15 $ gunzip < ../gdb-4.15+psim-951016.diff.gz | more $ gunzip < ../gdb-4.15+psim-951016.diff.gz | patch -p1 $ gunzip < ../gdb-4.15+psim-951016.tar.gz | tar tvf - $ gunzip < ../gdb-4.15+psim-951016.tar.gz | tar xvf - 3. Configure gdb $ more gdb/README then something like (I assume SH): $ CC=gcc ./configure --target=powerpc-unknown-eabisim eabisim is needed as by default (because PSIM needs GCC) the simulator is not built. 4. Build $ make CC=gcc alternativly, if you are short on disk space or just want the simulator built: $ ( cd libiberty && make CC=gcc ) $ ( cd bfd && make CC=gcc ) $ ( cd sim/ppc && make CC=gcc ) 5. Install $ make CC=gcc install or just $ cp gdb/gdb ~/bin/powerpc-unknown-eabisim-gdb $ cp sim/ppc/run ~/bin/powerpc-unknown-eabisim-run USING THE SIMULATOR: (I assume that you've unpacked the psim-test archive). 1. As a standalone program Print out the users environment: $ powerpc-unknown-eabisim-run envp Print out the arguments: $ powerpc-unknown-eabisim-run argv a b c Check that sbrk works: $ powerpc-unknown-eabisim-run break 2. Example of running GDB: The main thing to note is that before you can run the simulator you must enable it. The example below illustrates this: $ powerpc-unknown-eabisim-gdb envp (gdb) target sim (gdb) load (gdb) break main (gdb) run . . . BUGS AND PROBLEMS: There is a mailing list (subscribe through majordomo@ci.com.au) (that is almost never used) at: powerpc-psim@ci.com.au If I get the ftp archive updated I post a note to that news group. In addition your welcome to send bugs or problems either to me or to that e-mail list. KNOWN PROBLEMS: See the ChangeLog file looking for lines taged with the word FIXME. COREFILE.C: The implementation of corefile.c (defined by corefile.h) isn't the best. It is intended to be functionaly correct rather than fast. HTAB (page) code for OEA model untested. Some of the vm code instructions unimplemented. Flush instruction cache instructions do nothing. Perhaphs they should (if there is an instruction cache) flush it. Lacks PowerOpen (a.k.a. XCOFF a.k.a. AIX) and NT startups. The PowerOpen worked until I added the ELF one. OpenBoot and PR*P interfaces missing. Open boot could be implemented by putting special instructions at the address of the OpenBoot callback functions. Those instructions could than emulate OpenBoot behavour. Missing VEA system calls. Missing or commented out instructions. 64bit target untested. 64bit host broken. For instance use of scanf "%x", &long long. Event code for pending events from within signal handlers not finished/tested. Better and more devices. PORTABILITY (Notes taken from Michael Meissner): Heavy use of the ## operator - fix using the clasic X/**/Y hack; Use of the signed keyword. In particular, signed char has no analogue in classic C (though most implementations of classic C use signed chars); Use of long long which restricts the target compiler to be GCC. THANKS: Thanks go to the following who each helped in some way. Allen Briggs, Bett Koch, David Edelsohn, Gordon Irlam, Michael Meissner, Bob Mercier, Richard Perini, Richard Stallman, Mitchele Walker ---------------------------------------------------------------- Random notes on performance: $ cd test time ../psim count `expr 10000000 / 2` time ../psim volatile-count `expr 10000000 / 7` Where 2 and 7 are the number of instructions in the main loop. 611/729 - baseline Tests: CFLAGS= -c -O2 -m486 -fomit-frame-pointer o different first/second level table/switch combinations 0 - use a table 1 - use a simple switch 2 - use an expanded switch i486DX4/100 - AMD 1/108/140 - switch=0/0/0,expand=2,inline=2,nia=1,cache=1 1/114/140 - switch=0/0/0,expand=2,inline=2,nia=1,cache=1 1/137/149 - switch=0/0,expand=2,inline=1,nia=1,cache=1 1/144/155 - switch=2/1,expand=2,inline=1,nia=1,cache=1 1/153/159 - switch=2/1,expand=0,inline=1,nia=1,cache=1 1/185/189 - switch=0/0,expand=0,inline=1,nia=1 i486DX2/66 1/572/695 - switch=1/1,expand=0,inline=0 1/579/729 - switch=0/0,expand=0,inline=0 1/570/682 - switch=2/2,expand=0,inline=0 1/431/492 - switch=0/0,expand=0,inline=1,nia=0 1/271/292 - switch=2/1,expand=0,inline=1,nia=0 1/270/316 - switch=2/2,expand=0,inline=1,nia=0 1/271/281 - switch=1/1,expand=0,inline=1,nia=1 1/267/274 - switch=2/1,expand=0,inline=1,nia=1